Vulnerabilities in Apache Software Foundation
1,872 results

CVE | Severity | EPSS | KEV | Summary
CVE-2024-45507 | HIGH | 93.2% | | Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
CVE-2021-27905 | — | 93.1% | | SSRF vulnerability with the Replication handler
CVE-2022-33891 | HIGH | 93.0% | KEV | Apache Spark shell command injection vulnerability via Spark UI
CVE-2022-24706 | CRITICAL | 92.3% | KEV | Remote Code Execution Vulnerability in Packaging
CVE-2024-27316 | HIGH | 91.3% | | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
CVE-2024-45216 | CRITICAL | 90.7% | | Apache Solr: Authentication bypass possible using a fake URL Path ending
CVE-2018-11759 | — | 90.6% | | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK …
CVE-2017-12636 | — | 90.6% | | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating sy…
CVE-2022-30522 | — | 90.4% | | mod_sed denial of service
CVE-2016-8735 | CRITICAL | 90.3% | KEV | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before…
CVE-2023-37582 | CRITICAL | 90.0% | | Apache RocketMQ: Possible remote code execution when using the update configuration function
CVE-2017-5645 | — | 89.0% | | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another applic…
CVE-2021-45456 | — | 88.6% | | Command injection
CVE-2017-12611 | — | 88.0% | | In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string lite…
CVE-2024-36104 | CRITICAL | 87.9% | | Apache OFBiz: Path traversal leading to a RCE
CVE-2021-27907 | — | 86.4% | | Apache Superset stored XSS on Dashboard markdown
CVE-2017-15715 | — | 86.0% | | In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, ra…
CVE-2021-45232 | — | 85.9% | | security vulnerability on unauthorized access.
CVE-2022-41678 | — | 85.8% | | Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
CVE-2022-28732 | — | 85.7% | | Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin